Cross realm auth with MS Server 2003 and MIT kerb
BarBaar
beurdy at priest.com
Fri Oct 22 10:28:03 EDT 2004
Hi all,
I took a little step backward today. First I tried to access a Debian
telnet service with a WinXP client, and a Windows 2003 server KDC.
This was no problem (the client is a member of the 2003 domain).
The next step was to authenticate on a MIT KDC with the WinXP client.
The WinXP client needs to authenticate on the KDC. This first failed
for the same reason as I described in the first post here (the KDC
does receive the request (AS and TGS) but the WinXP authentication
did fail).
Then I started to read again in O'Reilly's book, and saw that there is
more involved in getting a WinXP client to talk to a MIT KDC.
I needed to use ksetup:
ksetup /setdomain TEST2.NL
ksetup /addkdc TEST2.NL kdc.test2.nl
ksetup /addkpassword TEST2.NL
ksetup /setmatchpassword winxp.test2.nl <password>
After that I was able to use Kerberos on the WinXP box (and thus use
MIT Kerberos).
I never took those steps before. Do I need to execute any of these
commands on the 2003 server to make cross-realm auth possible? I am a
little confused about this at the moment.
Thanks,
Bart